Priorities for Internal Auditors in U.S. Healthcare Provider Organizations. Chief Concerns Include Cybersecurity, Regulatory Compliance and Fraud
|
|
- Lucy Warren
- 8 years ago
- Views:
Transcription
1 Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Chief Concerns Include Cybersecurity, Regulatory Compliance and Fraud
2 INTRODUCTION Technology is a double-edged sword. From an IT perspective, the healthcare industry has plunged into a new age. There has never been a greater emphasis on the implementation of, and reliance on, transformative new technologies that are delivering promising breakthroughs in patient care, operating efficiencies and organizational performance. Sensitive healthcare data is being accessed and used in numerous new ways. This change is fueling historic innovation. At the same time, it is exposing healthcare organizations to new challenges and risks. Chief among these is cybersecurity. While healthcare internal audit functions absolutely need to address cybersecurity issues, they must do so while juggling many other priorities whose number and nature continue to shift due to the ongoing digital transformation, new regulatory requirements and a volatile marketplace. The results of the 2015 Internal Audit Capabilities and Needs Survey of Healthcare Provider Organizations from AHIA and Protiviti shed light on the ways in which chief audit executives (CAEs) and internal audit professionals are performing this strategic juggling act while providing assurance across an everincreasing number of risk areas. Our results indicate that the most important of these competing priorities include health information exchanges, health insurance exchanges, the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and multiple aspects of fraud prevention. Further, our results show that healthcare internal audit functions are focusing their attention and resources in five key areas of priority, which we discuss further in our report: 1. Cybersecurity risks and practices 2. Regulatory compliance 3. Supporting, enabling and protecting the digital enterprise 4. Addressing fraud risks 5. Multi-stakeholder collaboration 1
3 About the Survey Protiviti conducts its Internal Audit Capabilities and Needs Survey annually to assess current skill levels of internal audit executives and professionals, identify areas in need of improvement and help stimulate the sharing of leading practices throughout the profession. This year, survey respondents answered close to 150 questions in the study s three standard categories: General Technical Knowledge, Audit Process Knowledge, and Personal Skills and Capabilities. In each category, respondents were asked to assess, on a scale of one to five, their competency in the different skills and areas of knowledge, with 1 being the lowest level of competency and 5 being the highest. They were then asked to indicate whether they believe they possess an adequate level of competency or if there is need for improvement, taking into account the circumstances of their organization and the nature of the industry. Respondents also answered a separate set of questions in a special section, Cybersecurity and the Audit Process. The overall results, which are based on information provided by all respondents (who numbered more than 800), are contained within the master report (available at Respondents from healthcare providers who comprise 6 percent (n=48) of the survey participants also answered questions in a unique section featuring internal audit areas specific to the healthcare industry. AHIA and Protiviti partnered to analyze these results and produce this report in order to equip internal audit executives and professionals in the healthcare industry with more targeted insights about the unique challenges within their domains. 2
4 CYBERSECURITY RISKS AND PRACTICES The magnitude, frequency and cost of cybersecurity incidents are increasing dramatically in a multitude of industries. Healthcare provider organizations are well-aware of this troubling trend, particularly given the recent cyberattacks that many in the industry have experienced in recent months. The fact is attempted breaches seem all but guaranteed to escalate for healthcare provider organizations, in great part because of the high value criminals place on stolen healthcare data. These risks are exacerbated by the growing number of third-party vendors that have access to healthcare data at least some of which may have gaps in their data security. Vendor risk management remains a top-of-mind concern. Furthermore, with multiple hospitals and Accountable Care Organizations (ACOs) accessing the same electronic health records (EHR) systems for patient data and statistics, the potential for cybersecurity incidents increases. In this year s survey, we included a special section to assess the current state of cybersecurity risk in healthcare provider organizations. Our results indicate internal audit functions view strengthening data security, adhering to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and mastering new data analysis and auditing technology to be among their highest priorities (these key points also are evident in other sections of the survey). Specifically, our results show: High confidence is generally lacking among internal audit leaders and professionals in current cybersecurity capabilities of healthcare provider organizations, including identifying, assessing and mitigating cybersecurity risk to an acceptable level. Senior management s level of awareness regarding information security exposures is an area for improvement. On average, one in three healthcare provider organizations lack a cybersecurity risk strategy as well as a cybersecurity risk policy. On the positive side, a strong majority of healthcare provider organizations address cybersecurity risk in their risk assessment. 3
5 Ten Cybersecurity Action Items for CAEs and Internal Audit 1. Work with management and the board to develop a cybersecurity strategy and policy. 2. Seek to have the organization achieve a high level of effectiveness in its ability to identify, assess and mitigate cybersecurity risk to an acceptable level. 3. Recognize the threat of a cybersecurity breach resulting from the actions of an employee or business partner. 4. Leverage board relationships to (a) heighten the board s awareness and knowledge of cybersecurity risk; and (b) ensure that the board remains highly engaged with cybersecurity matters and up to date on the changing nature and strategic importance of cybersecurity risk. 5. Ensure cybersecurity risk is formally integrated into the audit plan. 6. Develop, and keep current, an understanding of how emerging technologies and technological trends are affecting the company and its cybersecurity risk profile. 7. Evaluate the organization s cybersecurity program against the NIST Cybersecurity Framework, while recognizing that the framework does not go to the control level and therefore may require additional evaluations of ISO and Recognize that with regard to cybersecurity, the strongest preventative capability requires a combination of human and technology security a complementary blend of education, awareness, vigilance and technology tools. 9. Reinforce the need for cybersecurity monitoring and cyber-incident response with management a clear escalation protocol can help make the case for (and sustain) this priority. 10. Highlight any IT/audit staffing and resource shortages, which represent a top technology challenge in many organizations and can hamper efforts to address cybersecurity issues. Key findings Percentage of healthcare provider organizations that rate themselves less than very effective at identifying, assessing and mitigating cybersecurity risk to an acceptable level Percentage of healthcare provider organizations that have a cybersecurity risk policy in place 72% 70% 67% 33% Percentage of healthcare provider organizations that have a cybersecurity risk strategy in place Percentage of healthcare provider organizations that are unable to address some areas of cybersecurity risk sufficiently due to lack of resources or skills 4
6 REGULATORY COMPLIANCE Addressing regulatory compliance remains a critical mandate in the healthcare industry, with federal, state and industry regulations ever-changing and increasingly burdensome. Our survey shows that chief audit executives and their teams are committed to strengthening their knowledge and expertise of new and emerging regulatory compliance requirements, many of which are provisions of the Patient Protection and Affordable Care Act (PPACA). Similar to last year s results, understanding health information exchanges ranks among the top priorities for healthcare internal audit functions, as does a new area to this year s study, health insurance exchanges. Of particular note, both health information exchanges and health insurance exchanges received relatively low competency ratings (1.9 and 1.7, respectively, on a 5-point scale), suggesting there are major improvement opportunities in these areas. Table 1: Healthcare Industry-Specific Technical Knowledge Overall Results Need to Improve Rank Areas Evaluated by Respondents Competency (5-pt. scale) Health information exchanges 1.9 Health insurance exchanges 1.7 Accountable care organizations 2.6 Patient Protection and Affordable Care Act provisions 2.1 State-specific prompt payment laws 2.0 Accreditation environment (e.g., The Joint Commission) 2.6 Ancillary services (pharmacy, lab, radiology, etc.) 2.4 Cash acceleration programs 2.0 Fraud investigations 2.7 Healthcare joint ventures 2.1 Hospice 1.9 ICD-10 impact, readiness and implementation 2.4 Medicare cost reporting 2.2 Hospital value-based purchasing 2.1 Physician compensation methodologies (e.g., wrvu) 2.1 Professional fee billing 1.9 Provider contracting 2.2 Reimbursement methodologies (Medicare, Medicaid, etc.) 2.3 5
7 While many PPACA implementation objectives have been achieved (e.g., providing access to insurance for uninsured Americans with pre-existing conditions, prescription drug discounts for seniors and allowing providers to organize as ACOs), significant compliance challenges remain. Organizations are just now coming to realize and understand what operating an ACO really means. Internal audit needs to ramp up its knowledge base to serve effectively as an assurance function. PPACA provisions comprise a major portion of regulatory compliance activities. However, healthcare organizations also must contend with many other compliance-related issues, including but not limited to ICD-10, Medicare cost reporting and fraud investigations. Table 2: Healthcare Industry-Specific Technical Knowledge CAE Results Need to Improve Rank 1 Areas Evaluated by Respondents Competency (5-pt. scale) Cost reporting 2.1 Health information exchanges 1.9 Health insurance exchanges 1.7 Medicare cost reporting 2.2 Hospital value-based purchasing 2.1 Reimbursement methodologies (Medicare, Medicaid, etc.) 2.3 State-specific prompt payment laws 2.0 Accountable care organizations 2.6 Table 3: Healthcare Industry-Specific Technical Knowledge Overall Results, Three-Year Comparison Health information exchanges Health information exchanges Health information exchanges Health insurance exchanges ediscovery Value-based purchasing Accountable care organizations Meaningful Use compliance ICD-10 implementation Patient Protection and Affordable Care Act provisions Coding knowledge (ICD-9, ICD-10, HCC, HCPCS, CPT) Payment bundling State-specific prompt payment laws Healthcare joint ventures Accountable care organizations Accreditation environment (e.g., The Joint Commission) Ancillary services (pharmacy, lab, radiology, etc.) Cash acceleration programs Fraud investigations Healthcare joint ventures Hospice ICD-10 impact, readiness and implementation Medicare cost reporting Hospital value-based purchasing Physician compensation methodologies (e.g., wrvu) Professional fee billing Provider contracting Reimbursement methodologies (Medicare, Medicaid, etc.) = Three-year trend Physician compensation methodologies (e.g., wrvu) Risk pool/capitation accounting Cost containment labor and non-labor Delivery System Reform Incentive Payment (DSRIP) program Hospital value-based purchasing ICD-10 impact, readiness and implementation Medicare Modernization Act State-specific prompt payment laws State-specific privacy/security laws Clinical documentation ICD-10 impact and readiness Pay-for-performance quality standards (CMS core measures and HCAHPS) State-specific privacy/security laws 6
8 Table 4: Healthcare Industry-Specific Technical Knowledge CAE Results, Three-Year Comparison Cost reporting Health information exchanges Health information exchanges Health information exchanges IRB and clinical trials Payment bundling Health insurance exchanges Meaningful Use compliance ICD-10 implementation Medicare cost reporting Physician compensation methodologies (e.g. wrvu) Pay-for-performance quality standards (CMS core measures and HCAHPS) Hospital value-based purchasing Case management Physician credentialing Reimbursement methodologies (Medicare, Medicaid, etc.) State-specific prompt payment laws Accountable care organizations = Three-year trend Coding knowledge (ICD-9, ICD-10, HCC, HCPCS, CPT) Delivery System Reform Incentive Payment (DSRIP) program ediscovery Value-based purchasing Durable medical equipment ediscovery Healthcare joint ventures HIPAA 5010 Pandemic planning/business continuity Physician organizations Risk pool/capitation accounting Physician alignment and employment strategies Physician organizations Professional fee billing Quality of care Key finding 7.5 Senior management s level of awareness with regard to the organization s information security exposures (1-10 scale where 10 indicates high level of awareness) Key finding 6.7 Level of confidence that the organization is able to prevent an opportunistic breach as a result of actions by an insider (1-10 scale, where 10 indicates high level of confidence) 7
9 SUPPORTING, ENABLING AND PROTECTING THE DIGITAL ENTERPRISE Technology and the many ways in which it increasingly is transforming healthcare providers into digital enterprises remains the topic du jour for healthcare internal auditors. Within the technology area, cybersecurity clearly marks a major concern. And it very much should, given the rising instances of cybersecurity breaches in the industry. Our results show that the NIST Cybersecurity Framework represents a top priority for internal audit. Healthcare internal audit leaders and professionals also view strengthening data security, mastering new data analysis and addressing other IT risks (including those related to the rapid spread of social and mobile applications) among their top priorities. Need to Improve Rank Table 5: General Technical Knowledge Overall Healthcare Industry Results Areas Evaluated by Respondents Competency (5-pt. scale) 1 NIST Cybersecurity Framework 2.5 ISO (environmental management) Reporting on Controls at a Service Organization SSAE 16/AU 324 (replaces SAS 70) 2.6 ISO 9000 (quality management and quality assurance) 2.1 GTAG 16 Data Analysis Technologies 2.6 The Guide to the Assessment of IT Risk (GAIT) 2.3 ISO (information security) 1.9 Social media applications 3.1 Mobile applications 2.6 It is no surprise that the NIST Cybersecurity Framework, which was finalized in 2014, is a priority, particularly as new cybersecurity legislative proposals are weighed by Congress in the wake of high-profile cybersecurity incidents. Cybersecurity, however, is far from the only technology-related issue affecting healthcare companies. In fact, two out of three healthcare organizations continue to work through major IT transformations. 1 This transformation toward a more digital enterprise is particularly complex within the healthcare industry because it introduces to a heavily regulated environment new and disruptive technologies that are changing the way healthcare organizations operate. Healthcare internal audit departments and their organizations are working to adapt their risk management capabilities to address an increasingly digital enterprise amid so many challenges including the introduction of health information exchanges and health insurance exchanges, constant regulatory uncertainty, HIPAA compliance audits, social media misuse, increased fraud activity and regulations, recoupment of Meaningful Use funds, ICD-10 changes, and much more. 1 According to healthcare industry respondents in Protiviti s 2015 IT Priorities Survey: 8
10 Our findings also indicate internal auditors are committed to fortifying IT and data risk management, strengthening overall IT risk management capabilities, and keeping close tabs on emerging technologies and emerging risks. Part of this work includes gaining knowledge of relevant ISO standards, including ISO and ISO One last note regarding cybersecurity: As health information exchanges and health insurance exchanges mature, the need to keep data secure, accurate and private will only increase, especially as this data is shared more frequently with more external partners. Table 6: General Technical Knowledge CAE Results Need to Improve Rank 1 2 Areas Evaluated by Respondents Competency (5-pt. scale) NIST Cybersecurity Framework 2.7 Mobile applications 2.6 The Guide to the Assessment of IT Risk (GAIT) 2.3 Social media applications COSO Internal Control Framework Evaluation of Present, Functioning and Operating Together 2.9 ISO (environmental management) 1.8 Reporting on Controls at a Service Organization SSAE 16 / AU 324 (replaces SAS 70) COSO Internal Control Framework Information and Communication 3.0 Table 7: General Technical Knowledge Overall Results, Three-Year Comparison NIST Cybersecurity Framework Recently enacted IIA Standard: Overall Opinions (Standard 2450) Cloud computing ISO (environmental management) Social media applications GTAG 16 Data analysis technologies Reporting on Controls at a Service Organization SSAE 16/AU 324 (replaces SAS 70) Mobile applications ISO (information security) ISO 9000 (quality management and quality assurance) Recently enacted IIA Standards: Audit Opinions and Conclusions (Standards 2010.A2 and 2410.A1) GTAG 17 Auditing IT governance GTAG 16 Data Analysis Technologies GTAG 16 Data Analysis Technologies Social media applications The Guide to the Assessment of IT Risk (GAIT) NIST Cybersecurity Framework Fraud risk management ISO (information security) GTAG 6 Managing and Auditing IT Vulnerabilities Recently enacted IIA Standard Functional Reporting Interpretation (Standard 1110) Social media applications Mobile applications = Three-year trend GTAG 15 Information Security Governance Recently enacted IIA Standard Functional Reporting Interpretation (Standard 1110) GTAG 10 Business Continuity Management ISO (information security) Reporting on Controls at a Service Organization SSAE 16/AU 324 (replaces SAS 70) IT governance 9
11 Table 8: General Technical Knowledge CAE Results, Three-Year Comparison NIST Cybersecurity Framework Mobile applications Recently enacted IIA Standard Functional Reporting Interpretation (Standard 1110) Mobile applications NIST Cybersecurity Framework Social media applications The Guide to the Assessment of IT Risk (GAIT) Social media applications 2013 COSO Internal Control Framework Evaluation of Present, Functioning and Operating Together ISO (environmental management) Reporting on Controls at a Service Organization SSAE 16 / AU 324 (replaces SAS 70) 2013 COSO Internal Control Framework Information and Communication = Three-year trend Social media applications Cloud computing ISO (information security) GTAG 6 Managing and Auditing IT Vulnerabilities GTAG 15 Information Security Governance COSO Internal Control Framework Recently enacted IIA Standards Audit Opinions and Conclusions (Standards 2010.A2 and 2410.A1) GTAG 6 Managing and Auditing IT Vulnerabilities GTAG 17 Auditing IT Governance ISO (information security) More on the NIST Cybersecurity Framework When it comes to assessing the strength of current cybersecurity measures, the NIST Cybersecurity Framework can serve as a useful litmus test for organizations and internal audit functions. Many qualities of this framework also describe key aspects of leading practices within internal audit: It is risk-based, it is complementary with other risk programs, and it is subject to change and enhancement. However, technically NIST compliance is voluntary in the regulatory sense (yet all but required from a governance perspective). More internal audit functions are discovering that the NIST framework s approach mirrors their existing program assessments: 1. Define the business priorities and the scope of the [cybersecurity] program. 2. Define the assets in scope and the threats to them. 3. Create an As Is or baseline profile of the organization s security program implementation. 4. Perform a risk assessment of the organization s readiness. 5. Create a To Be statement/objective for the security program. 6. Define gaps between the As Is and To Be states, assess their impact and prioritize remediation activities. With regard to the last point, these gaps are, of course, crucial. Internal auditors witness this type of gap when realizing that the NIST framework is incomplete, in that it does not reach the control level, where ISO (information security) standards can be applied. Savvy internal auditors are adept at filling a wide range of risk-management and knowledge gaps. That helps explain why ISO (information security) ranks among the top 10 priorities for internal auditors this year. 10
12 ADDRESSING FRAUD RISKS The financial figures related to the largest instance of suspected Medicare fraud, as reported by federal officials last June, are staggering: $712 million in false billing, criminal charges filed against 243 individuals, $263 million in different fraud schemes in greater Miami alone, and $23 million in fraudulent billing by a single Los Angeles doctor. 2 These numbers suggest the federal government may easily surpass the more than $3.3 billion it recovered in fiscal 2014 from individuals and organizations that attempted to defraud federal health programs. Given this environment of extensive fraud against government healthcare programs, combined with the everpresent risk of occupational fraud, it s not surprising to find fraud issues among the top priorities for healthcare internal auditors. Fraud risk assessment, fraud risk, fraud monitoring and fraud auditing make up four of their six top areas of focus as identified in the Audit Process Knowledge category of our survey. The FBI recently reported it is currently investigating a staggering 2,700 instances of potential healthcare fraud. Thus, it is likely fraud will remain a critical priority for healthcare internal audit departments. Need to Improve Rank Table 9: Audit Process Knowledge Overall Healthcare Industry Results Areas Evaluated by Respondents Competency (5-pt. scale) 1 Fraud fraud risk assessment Fraud fraud risk 3.1 Fraud monitoring 2.9 Auditing IT security Continuous auditing 2.8 Fraud auditing Assessing risk emerging issues 3.0 Need to Improve Rank Table 10: Audit Process Knowledge CAE Results Areas Evaluated by Respondents Competency (5-pt. scale) 1 Auditing IT security 2.2 Computer-assisted audit tools (CAATs) 2.8 Data analysis tools data manipulation 2.8 Continuous auditing Data analysis tools statistical analysis 2.6 Marketing internal audit internally 3.6 Fraud monitoring 3.4 Continuous monitoring Barrett, Devlin, Feds Charge More Than 200 People With Medicare Fraud, The Wall Street Journal, June 18, 2015: 11
13 Table 11: Audit Process Knowledge Overall Results, Three-Year Comparison Fraud fraud risk assessment Fraud fraud risk Fraud monitoring Auditing IT security Quality Assurance and Improvement Program (IIA Standard 1300) Periodic Reviews (IIA Standard 1311) Statistically based sampling Auditing IT new technologies Marketing internal audit internally Data analysis tools data manipulation Quality assurance and improvement program (IIA Standard 1300) External assessment (IIA Standard 1312) Quality assurance and improvement program (IIA Standard 1300) Ongoing reviews (IIA Standard 1311) Quality assurance and improvement program (IIA Standard 1300) Periodic reviews (IIA Standard 1311) Continuous auditing Auditing IT program development Fraud fraud risk assessment Fraud auditing Auditing IT security Enterprisewide risk management Assessing risk emerging issues = Three-year trend CAATs Quality Assurance and Improvement Program (IIA Standard 1300) External Assessment (Standard 1312) Assessing risk emerging issues Fraud monitoring Assessing risk emerging issues Table 12: Audit Process Knowledge CAE Results, Three-Year Comparison Auditing IT security Auditing IT new technologies Auditing IT new technologies Computer-assisted audit tools (CAATs) Data analysis tools data manipulation Continuous auditing Data analysis tools statistical analysis Marketing internal audit internally Fraud monitoring Continuous monitoring = Three-year trend Auditing IT security Marketing internal audit internally Assessing risk emerging issues Quality Assurance and Improvement Program (IIA Standard 1300) External Assessment (Standard 1312) Quality Assurance and Improvement Program (IIA Standard 1300) Periodic Reviews (IIA Standard 1311) Statistically based sampling Quality assurance and improvement program (IIA Standard 1300) External assessment (IIA Standard 1312) Quality assurance and improvement program (IIA Standard 1300) Ongoing reviews (IIA Standard 1311) Quality assurance and improvement program (IIA Standard 1300) Periodic reviews (IIA Standard 1311) Enterprisewide risk management Auditing IT security Data analysis tools data manipulation Presenting to the audit committee 12
14 MULTI-STAKEHOLDER COLLABORATION As this report s preceding sections demonstrate, healthcare internal audit functions confront a formidable set of challenges. While these issues vary significantly ranging from cybersecurity to health insurance exchanges to digital transformation and more they share a common attribute: complexity. Cybersecurity and overall IT risk management, for example, require cooperation among colleagues in IT, risk management, operations, legal counsel and other departments. Effectively addressing these multidimensional challenges requires internal auditors to work across a number of different internal functions and, often, with a number of external parties. This work boils down to persuading business partners throughout the organization to integrate risk considerations into every decision they make. This effort is evident in our survey results, where high-pressure meetings and persuasion represent the top priorities within the personal skills and capabilities category (see Tables 13 and 14). Other highly ranked priorities presenting (small groups) and negotiation point to internal audit s drive to collaborate with different stakeholders, including senior executives, board committees and outside networks. Table 13: Personal Skills and Capabilities Overall Healthcare Industry Results Need to Improve Rank Areas Evaluated by Respondents Competency (5-pt. scale) High-pressure meetings 3.1 Persuasion 3.1 Negotiation 2.8 Presenting (small groups) 2.9 Developing other board committee relationships 2.8 Developing outside contacts/networking 3.5 Developing rapport with senior executives 3.2 Leadership (within the internal audit profession) 3.1 Presenting (public speaking) 3.1 Strategic thinking 3.2 Using/mastering new technology and applications
15 The ability to collaborate effectively with multiple stakeholders is a key enabler of internal audit s ongoing drive to contribute value by: Thinking more strategically when analyzing risk and framing audit plans; Providing early warning and education on new and emerging risks; Broadening focus on operations, compliance and nonfinancial reporting issues; Strengthening the lines of defense that make risk management work; and Improving the information for decision-making across the organization. 3 Two priorities, developing other board committee relationships and negotiation, are noteworthy for the relatively low competency ratings (a 2.8 on a 5-point scale) among our respondents. The personal skills priority lists for all respondents, including CAEs, are lengthy. Overall, respondents identified 11 nearly equally important priorities that point to an underlying desire to enhance the value internal audit delivers to the organization even in the face of new multi-dimensional challenges. Need to Improve Rank Table 14: Personal Skills and Capabilities CAE Results Areas Evaluated by Respondents Competency (5-pt. scale) 1 Persuasion 3.8 Strategic thinking Presenting (small groups) 3.8 Developing outside contacts/networking 4.2 High-pressure meetings 4.0 Using/mastering new technology and applications Negotiation 3.8 Creating a learning internal audit function 3.6 Presenting (public speaking) A more comprehensive discussion of these activities is available in The Bulletin, Volume 5, Issue 6, The Future Auditor: The Chief Audit Executive s Endgame, available at 14
16 Table 15: Personal Skills and Capabilities Overall Results, Three-Year Comparison High-pressure meetings Presenting (public speaking) Presenting (public speaking) Persuasion Developing other board committee relationships High-pressure meetings Negotiation Developing outside contacts/networking Dealing with confrontation Presenting (small groups) Leadership (within your organization) Persuasion Developing other board committee relationships Developing outside contacts/networking Developing rapport with senior executives Leadership (within the internal audit profession) Presenting (public speaking) Strategic thinking Using/mastering new technology and applications = Three-year trend Persuasion Time management Using/mastering new technology and applications Dealing with confrontation Developing audit committee relationships Negotiation Using/mastering new technology and applications Table 16: Personal Skills and Capabilities CAE Results, Three-Year Comparison Persuasion Using/mastering new technology and applications Coaching/mentoring Strategic thinking Developing audit committee relationships Negotiation Presenting (small groups) Developing other board committee relationships High-pressure meetings Developing outside contacts/networking Developing outside contacts/networking Dealing with confrontation High-pressure meetings Negotiation Presenting (public speaking) Using/mastering new technology and applications Presenting (public speaking) Persuasion Negotiation High-pressure meetings Strategic thinking Creating a learning internal audit function Presenting (public speaking) = Three-year trend Persuasion Using/mastering new technology and applications Developing audit committee relationships 15
17 CLOSING THOUGHTS Healthcare internal audit leaders and professionals continue to demonstrate a commitment to professional growth and development in the face of growing challenges in the industry. An increasing portion of this work is designed to reduce the risks that new and emerging technology can create, which in turn helps optimize the value that healthcare provider organizations derive from the increasingly innovative and promising benefits that this technology delivers. As healthcare provider organizations continue their digital transformations, this internal audit work will become more important, and ever more valuable. For additional information and insights, we invite you to review the following resources from AHIA and Protiviti: AHIA ( Third-Party Relationships and Your Confidential Data HHS/OIG Practical Guidance for Health Care Governing Boards on Compliance Oversight Protiviti ( From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions HIPAA Security Prepare Now or Wait and See? A Global Look at IT Audit Best Practices mhealth: How Mobile Apps Can Help Health Plans Improve Consumer Engagement and Facilitate Behavior Change 2015 Vendor Risk Management Benchmark Study 16
18 ABOUT AHIA The Association of Healthcare Internal Auditors (AHIA) is a network of experienced healthcare internal auditing professionals who come together to share tools, knowledge and insight on how to assess and evaluate risk within a complex and dynamic healthcare environment. AHIA is an advocate for the profession, continuing to elevate and champion the strategic importance of healthcare internal auditors with executive management and the Board. If you have a stake in healthcare governance, risk management and internal controls, AHIA is your one-stop resource. Explore our website for more information. If you are not a member, please join our network. Contact Todd Havens AHIA White Paper Committee Chair todd.havens@lvhn.org ABOUT PROTIVITI Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000 and 35 percent of Fortune Global 500 companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Named one of the 2015 Fortune 100 Best Companies to Work For, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index. Contacts Brian Christensen Executive Vice President Global Internal Audit brian.christensen@protiviti.com Susan Haseley Managing Director Healthcare Industry Leader susan.haseley@protiviti.com 17
19 Education Networking Resources Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. PRO
Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations
Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Key Areas for Improvement Include Compliance, Information Security, Social Media and Quality Assurance INTRODUCTION Historic
More informationTop Priorities for Internal Auditors in U.S. Healthcare Provider Organizations
Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Key Areas for Improvement Include Compliance, Social Media and Quality Assurance Activities INTRODUCTION In January 01, healthcare
More informationTop Priorities for Internal Audit in Healthcare Provider Organizations
Top Priorities for Internal Audit in Healthcare Provider Organizations Assessing Healthcare Industry Results from the 202 Internal Audit Capabilities and Needs Survey INTRODUCTION The best gamblers typically
More informationFrom Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions. 2015 Internal Audit Capabilities and Needs Survey
From Cybersecurity to Collaboration: Assessing the Top Priorities for Internal Audit Functions 2015 Internal Audit Capabilities and Needs Survey SECURITY IS, I WOULD SAY, OUR TOP PRIORITY BECAUSE FOR ALL
More informationFPO. 2012 Internal Audit Capabilities and Needs Survey. 1 2012 Internal Audit Capabilities and Needs Survey
FPO 2012 Internal Audit Capabilities and Needs Survey 1 2012 Internal Audit Capabilities and Needs Survey Introduction Technology is crucial to administering and managing the audit process from the beginning
More information2013 Internal Audit Capabilities and Needs Survey Report. Assessing the Top Priorities for Internal Audit Functions
2013 Internal Audit Capabilities and Needs Survey Report Assessing the Top Priorities for Internal Audit Functions Introduction IN THE STRUGGLE FOR SURVIVAL, THE FITTEST WIN OUT AT THE EXPENSE OF THEIR
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity
More informationHigh Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director
High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role
More informationToday s Financial Services IT Organization Delivering Security, Value and Performance Amid Major Transformation
Today s Financial Services IT Organization Delivering Security, Value and Performance Amid Major Transformation Assessing the Financial Services Industry Results from Protiviti s 2014 IT Priorities and
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT HHS Announces Plans to Reconsider Implementation Timeline for U.S. Healthcare Industry s Transition to ICD-10 February 17, 2012 On Wednesday, February 15, the Department of Health
More informationMoving Internal Audit Back into Balance
Moving Internal Audit Back into Balance A Post-Sarbanes-Oxley Survey Fourth Edition Table of Contents Introduction... 1 Executive Summary... 2 Overview of Rebalancing Initiatives... 4 Current Status of
More information2013 Healthcare Compliance Benchmark Study
2013 Healthcare Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December of 2012, Compliance 360 (now part of SAI Global), conducted a survey among compliance professionals
More informationFrom Cybersecurity to IT Governance Preparing Your 2014 Audit Plan. Assessing the Results of Protiviti s Third Annual IT Audit Benchmarking Survey
From Cybersecurity to IT Governance Preparing Your 2014 Audit Plan Assessing the Results of Protiviti s Third Annual IT Audit Benchmarking Survey Table of Contents Introduction...2 Top Technology Challenges
More informationFPO. 2013 IT Priorities Survey. Mobile Commerce, Social Media, Data Management and Business Continuity Dominate the Agendas of IT Departments
FPO Mobile Commerce, Social Media, Data Management and Business Continuity Dominate the Agendas of IT Departments 1 Introduction A cursory glance at nearly any information technology (IT) article, survey
More informationHealthcare Reform: The Road Ahead
Healthcare Reform: The Road Ahead Kevin Lyles, Esq. Partner, Jones Day kdlyles@jonesday.com (614) 281-3821 Frank E. Sheeder, Esq. Partner, DLA Piper frank.sheeder@dlapiper.com (214) 743-4560 Diane Meyer
More informationSecuring Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationICD-10: Ready or Not?
ICD-10: Ready or Not? Survey Results Provide an Overview of ICD-10 Implementation and Planning Status By Jerry Lear, CIA, CISA, and Kirra Phillips, RHIA, CCS CHAN Healthcare AHIA In only a few months,
More informationHealthcare IT Trending Issues for 2015
Healthcare IT Trending Issues for 2015 January 2015 Contents Providers Start to Really Pay Attention to Privacy and Security... 3 Hospitals Take a New Interest in Upgrading Administrative Information Systems...
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationApril 3, 2015. Re: Request for Comment: ONC Interoperability Roadmap. Dear Dr. DeSalvo:
Karen DeSalvo, M.D., M.P.H., M.Sc. Acting Assistant Secretary for Health National Coordinator for Health Information Technology U.S. Department of Health and Human Services 200 Independence Avenue, S.W.,
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT OCC Finalizes Its Heightened Standards for Large Financial Institutions September 15, 2014 Transforming Heightened Expectations to Minimum Standards On September 2, 2014,
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationHelping You Achieve Better Clinical and Financial Health
McKesson Business Performance Services Accountable Care Services Helping You Achieve Better Clinical and Financial Health 1 We recognized that fee-for-service would decrease and value-based care would
More informationStrategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager
Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org
More informationInternal Auditing Guidelines
Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may
More informationPreventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations
Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM)
More informationContinuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.
Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd. Call them the twin peaks of continuity continuous auditing and continuous monitoring. There are certainly similarities
More informationAmid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry
Amid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry IT leaders are battening down the hatches, according to Protiviti s latest
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationHIPAA and HITRUST - FAQ
A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are
More informationHow To Get A Tech Startup To Comply With Regulations
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity? Implementing Dynamic, Flexible and Continuously Optimized IT General Controls POWERFUL INSIGHTS Issue It s not a secret
More informationJuly 23, 2015. Page 1
Testimony of Paul Black, Before the Senate Committee on Health Education Labor and Pensions Achieving the Promise of Health Information Technology: Information Blocking and Potential Solutions July 23,
More information2015 Vendor Risk Management Benchmark Study. The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management
2015 Vendor Risk Management Benchmark Study The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management INTRODUCTION/EXECUTIVE SUMMARY MANY ORGANIZATIONS ARE NOT PREPARED
More informationThe Journey to ORSA Begins. Assessing the Results of the 2015 ORSA Survey from St. John s University and Protiviti
The Journey to ORSA Begins Assessing the Results of the 2015 ORSA Survey from St. John s University and Protiviti Executive Summary PUBLIC COMPANIES HAVE SOX. FINANCIAL SERVICES ORGANIZATIONS (AND OTHERS)
More informationHow To Ensure Internal Control Of Financial Reporting In India
PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation
More informationTop Priorities for Internal Audit in Telecommunications
Top Priorities for Internal Audit in Telecommunications Assessing Telecommunications Industry Results from the 2012 Internal Audit Capabilities and Needs Survey TELECOMMUNICATIONS COMPANIES OR COMMUNICATIONS
More informationHealthcare Internal Audit: In a Time of Transition
The 2015 State of the Internal Audit Profession Study Healthcare Internal Audit: In a Time of Transition The healthcare industry in the United States is facing many challenges with the enactment of legislation
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More information6 Critical Impact Factors of Health Reform on Revenue Cycle Management
6 Critical Impact Factors of Health Reform on Revenue Cycle Management Pyramid Healthcare Solutions Thought Leadership Series The healthcare industry is undergoing significant change in the face of the
More information6 Critical Impact Factors of Health Reform on Revenue Cycle Management
6 Critical Impact Factors of Health Reform on Revenue Cycle Management Pyramid Healthcare Solutions Thought Leadership Series The healthcare industry is undergoing significant change in the face of the
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationGOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in
GOVERNANCE, RISK AND COMPLIANCE Internal Audit Assessing Fraud Vulnerabilities kpmg.com/in 1 Internal Audit Assessing Fraud Vulnerabilities Introduction Globalization has increased the scale and complexity
More informationInsurance Industry Expertise
Insurance Industry Expertise Delivered With High-Level Attention and Service Audit Tax Advisory Risk Performance The Unique Alternative to the Big Four For more than 50 years, clients in all sectors of
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationTest Content Outline Effective Date: January 12, 2016. Nurse Executive Board Certification Examination
Board Certification Examination There are 175 questions on this examination. Of these, 150 are scored questions and 25 are pretest questions that are not scored. Pretest questions are used to determine
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationAccenture Risk Management. Industry Report. Life Sciences
Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive
More informationPSYCHIATRY IN HEALTHCARE REFORM SUMMARY REPORT A REPORT BY AMERICAN PSYCHIATRIC ASSOCIATION BOARD OF TRUSTEES WORK GROUP ON THE ROLE OF
ROLE OF PSYCHIATRY IN HEALTHCARE REFORM SUMMARY REPORT A REPORT BY AMERICAN PSYCHIATRIC ASSOCIATION BOARD OF TRUSTEES WORK GROUP ON THE ROLE OF PSYCHIATRY IN HEALTHCARE REFORM 2014 Role of Psychiatry in
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationTop Priorities for Internal Audit in Manufacturing
Top Priorities for Internal Audit in Manufacturing Assessing Manufacturing Industry Results from the 2012 Internal Audit Capabilities and Needs Survey LEADERSHIP TEAMS IN MANUFACTURING COMPANIES ARE LOOKING
More informationImpact of Healthcare Regulations on the Data Center
Executive Report Impact of Healthcare Regulations on the Data Center Impact of Healthcare Regulations The HIPAA and HITECH acts, along with the Affordable Care Act, are changing the face of the healthcare
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationComments on the 21 st Century Cures: Digital Health Care
Comments on the 21 st Century Cures: Digital Health Care July 22, 2014 The Pharmaceutical Research and Manufacturers of America (PhRMA) appreciates the opportunity to provide input to the House Energy
More informationThe Rising Tide of Pharmacy Benefit Cost and Complexity: A health plans roadmap to optimizing pharmacy services relationships
The Rising Tide of Pharmacy Benefit Cost and Complexity: A health plans roadmap to optimizing pharmacy services relationships New pharmacy benefit challenges After several years of manageable pharmacy
More informationInternal audit FROM COMPLIANCE TO RISK MANAGEMENT: THE CHANGING ROLE OF INTERNAL AUDIT
Internal audit FROM COMPLIANCE TO RISK MANAGEMENT: THE CHANGING ROLE OF INTERNAL AUDIT 20 February 2015 A PLUS Rapid regulatory change and technology-fuelled trends have shifted internal auditors focus
More informationEXECUTIVE REPORT. Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Data
EXECUTIVE REPORT Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Impact of Healthcare Regulations on the Center The HIPAA and HITECH acts, along with the Affordable Care Act, are changing
More informationHealthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council
Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationIntroduction. What is Transparency in Health Care?
Introduction Transparency is a vital component of an efficient and effective health care system. As concerns about the cost and quality of health care in the United States continue to grow and large employers
More informationSEC Cybersecurity Findings May Establish De Facto Standard
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto
More informationProtecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
More informationThe Cornerstones of Accountable Care ACO
The Cornerstones of Accountable Care Clinical Integration Care Coordination ACO Information Technology Financial Management The Accountable Care Organization is emerging as an important care delivery and
More informationThe Business Case for Using Big Data in Healthcare
SAP Thought Leadership Paper Healthcare and Big Data The Business Case for Using Big Data in Healthcare Exploring How Big Data and Analytics Can Help You Achieve Quality, Value-Based Care Table of Contents
More informationEnterprise Analytics Strategic Planning
Enterprise Analytics Strategic Planning June 5, 2013 1 "The first question a data driven organization needs to ask itself is not "what do we think?" but rather "what do we know? Big Data: The Management
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationPROTIVITI FLASH REPORT
PROTIVITI FLASH REPORT California Law Requires Companies to Disclose Efforts to Ensure Supply Chains Are Free of Slavery and Human Trafficking February 6, 2012 The California Transparency in Supply Chains
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More information6 Critical Impact Factors of Health Reform on Revenue Cycle Management Pyramid Healthcare Solutions Thought Leadership Series
6 Critical Impact Factors of Health Reform on Revenue Cycle Management Pyramid Healthcare Solutions Thought Leadership Series The healthcare industry is undergoing significant change in the face of the
More informationCyber and Data Risk What Keeps You Up at Night?
Legal Counsel to the Financial Services Industry Cyber and Data Risk What Keeps You Up at Night? December 10, 2014 Introduction & Overview Today s Discussion: Evolving nature of data and privacy risks
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationConsidering Meaningful Use Participation when Acquiring a Hospital or Professional Practice
WHITE PAPER Considering Meaningful Use Participation when Acquiring a Hospital or Professional Practice An Encore Point of View By Paul Murphy, MBA & Amy Thorpe MBA, PMP, FHIMSS February 2015 AN ENCORE
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationFuture. Embracing. the. New Times, New Opportunities for Health Information Managers. Summary Findings. from the HIM.
The Future of Health Information Management Summary Findings from the HIM Workforce Study Embracing the Future New Times, New Opportunities for Health Information Managers The workforce research study
More informationTimeline: Key Feature Implementations of the Affordable Care Act
Timeline: Key Feature Implementations of the Affordable Care Act The Affordable Care Act, signed on March 23, 2010, puts in place health insurance reforms that will roll out incrementally over the next
More informationFraud Prevention and Detection in a Manufacturing Environment
Fraud Prevention and Detection in a Manufacturing Environment Introduction The Association of Certified Fraud Examiners (ACFE) estimated in its 2008 Report to the Nation on Occupational Fraud and Abuse
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationContinuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability
A Custom Technology Adoption Profile Commissioned By BitSight Technologies Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability Introduction As concerns around
More informationThird-Party Risk Management for Life Sciences Companies
April 2016 Third-Party Risk Management for Life Sciences Companies Five Leading Practices for Data Protection By Mindy Herman, PMP, and Michael Lucas, CISSP Audit Tax Advisory Risk Performance Crowe Horwath
More informationProcess Control Optimisation with SAP
Process Control Optimisation with SAP The procure-to-pay cycle, which includes all activities from the procurement of goods and services to receiving invoices and paying vendors, is a basic business process.
More informationAddressing FISMA Assessment Requirements
SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT
ACCOUNTABLE CARE ANALYTICS: DEVELOPING A TRUSTED 360 DEGREE VIEW OF THE PATIENT Accountable Care Analytics: Developing a Trusted 360 Degree View of the Patient Introduction Recent federal regulations have
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationImpact of New Internal Control Frameworks
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
More informationVENDOR MANAGEMENT. General Overview
VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationDealer Member Cyber-security
Administrative Notice General Please distribute internally to: Legal and Compliance Senior Management Contact: Wendy Rudd Senior Vice President, Member Regulation and Strategic Initiatives 416 646-7216
More information